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DETAILED ACTION 

1 . This Office action is in response to the amendment filed on 8/1 1/09 

2. Claims 1-6, 8, 11-25, 27 and 28 are pending. 

Information Disclosure Statement 

3. The IDS submitted on 8/1 1/09 has been considered. 

Priority 

4. It is noted that the instant application is a continuation in part to application 

1 065021 1 . However, the parent application does not disclose any embodiments that 
feature all limitations of each of the instant claims. For example, none of a forward 
proxy, reverse proxy and/or transparent proxy are identified as embodiments in the 
earlier application. Hence, the priority date with respect to the prior art for the instant 
application is the date of filing of the instant application. See amended specification 
filed on 1/21/09. 

Response to Arguments 

5. Applicant's arguments with respect to the amended claims have been considered 
but are not persuasive. Applicant argues in substance that the prior art does not 
disclose establishing a secure tunnel between the remote site and a local managing 
service, which acts as a forward proxy for the client and a reverse proxy for the server, 
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and between the local managing service and the client. See pg. 9 and 10 of the 
Remarks. It is first noted that based on the enabling disclosure of the instant 
specification, a secure tunnel between two nodes is established when a "secure 
communication" is established between two nodes. See pg. 7, lines 1-18. Furthermore, 
the instant specification defines SSL or TLS as one possible secure communication 
protocol to establish a secure communication between a client and a server. Hence, in 
light of this portion of the specification, and contrary to Applicant's allegation, Boneh 
discloses the limitation in question. In particular, Boneh discloses a web proxy that 
receives a connection request by a client browser to securely connect with a web site 
www.xyz.com: Boneh further discloses that the web proxy first establishes a TLS 
connection between the client and the web proxy, and then establishes a secure TLS 
connection between the web proxy and the web server. See for example, figs. 8 and 
10. Both secure communications establish a trust relationship between the respective 
parties. Furthermore, the web proxy supports a caching service to directly provide 
cached content to the client without having to forward the request to the web server. 
This feature anticipates the limitations in question. For these reasons, the claims 
remain rejected under the prior art of record. 

Double Patenting 

6. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
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from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, All 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321 (c) or 1 .321 (d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



7. Claims 1-6, 8, 10-25, 27 and 28 are provisionally rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over claims 1 , 3- 
15, 17-22 and 24-26 of copending Application No. 10814983. Although the conflicting 
claims are not identical, they are not patentably distinct from each other because the 
subject matter of the instant claims are defined in claims 1 , 3-1 5, 1 7-22 and 24-26 of 
copending Application No. 10814983. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-6, 8, 11-25, 27 and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Boneh et al. US 20040015725 (hereinafter Boneh). 

10. As per claims 1-6, Boneh discloses a method for managing and accelerating the 
delivery of data implemented in a computer-readable storage medium and processed 
on a proxy device for performing the method, comprising: 

a. receiving a secure communications request for data associated with a 
remote site, wherein the request is received from a client and the secure 
communications request occurs via Secure Socket Layer (SSL) communications 
with the client (paragraph 26) and wherein the request is received at a forward 
proxy that processes within a local processing environment of the client (fig. 4; 
paragraph 36, browser first sends a message CONNECT www.xyz.com to the 
web proxy; compare with paragraph 47, where no CONNECT messages is pre- 
appended); and 

b. passing the request to a local managing service for processing acting as 
the forward proxy for the client, wherein the local managing service is capable of 
caching the data for servicing the secure communications request of the client 
within the local processing environment of the client and capable of securely 
interfacing with the remote site (paragraphs 34-42; client sends the connect 
request message to the web proxy; proxy performs caching on decrypted 
response); 
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c. the local managing service houses an identity for the remote site and local 
managing service is trusted by the remote site and the remote site delegates 
authority to the local managing service to vend data of the remote sites within the 
local processing environment of the client (paragraph 41 , web proxy creates a 
TLS session to the site www.xyz.com ; TLS session establishment entails 
certificate exchange and verification between the web proxy and the remote site; 
see also pg. 7, lines 13-18 of the instant specification); 

d. creating, by the local proxy device, a secure communications tunnel 
between the client and the local managing service (paragraph 40, TLS session 
between the client and the web proxy; see for example paragraph 12 for TLS 
session generation); and 

e. creating, by the proxy device, another secure communications tunnel 
between the local managing service and the remote site (paragraph 41 , web 
proxy creates a TLS session with the site www.xyz.com); 

f. determining, by the local managing service, when the secure 
communications request can be satisfied with cached data; and supplying the 
data from the cached data to the client with secure communications, when 
present in cache; requesting, by the local managing service, the data from the 
remote site if the data is not in the cache; receiving the data from the remote site; 
and supplying the data to the client with secure communications; housing the 
data in the cache for subsequent requests made by the client or other clients for 
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the data, when the data is permitted to be cached (paragraph 42, all features are 
inherent in caching services); 

g. maintaining, by the local managing service, a certificate associated with 
communications from the remote site (paragraph 41); 

h. transmitting, by the local managing service, to the remote site a first 
certificate associated with the identity of the local managing service; 
receiving, from the remote site, at the local managing service a second certificate 
associated with the identity of the remote site; and communicating between the 
remote site and the local managing service with Secure Sockets Layer (SSL) 
communications using the first and second certificates (paragraph 41). 

1 1 . Although Boneh does not expressly disclose wherein the local service acts as a 
reverse proxy on behalf of the remote site from the local environment of the client, this 
feature is notoriously well known in the art. For example, Netscape Proxy Server v. 3.5 
supports this feature (see for example, "Netscape Proxy Server Administrator's Guide 
Version 3.5 for Unix" Chapter 7 ["reverse mapping"] (entered 2/23/04)). It would be 
obvious to one of ordinary skill in the art at the time the invention was made wherein the 
local service acts as a reverse proxy on behalf of the remote site from the local 
environment of the client. One would be motivated to do so to hide the type of servers 
behind the reverse proxy as known to one of ordinary skill in the art. The 
aforementioned cover the limitations of claims 1-6. 
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12. As per claims 8 and 11-15, Boneh discloses a method of managing and 
accelerating delivery of data implemented in a computer-readable storage medium and 
to process within a local networking environment of a client for performing the method, 
comprising: 

i. processing a local service of a proxy for communicating securely with the 
client and for acting on behalf of the client during interactions between the client 
and a remote site (fig. 4), wherein the local service processes within a local 
environment of the client and uses Secure Socket Layer (SSL) communications 
when interacting with the client (paragraph 26); managing authority from the 
remote site at the local service, wherein authority is managed by accessing a 
certificate of the remote site at the local service; 

j. establishing a secure tunnel between the local service of the proxy and 

the client for interactions between the client and the local service (paragraph 51 , 

secure TLS session between the client and the web proxy); 

k. establishing another secure tunnel between the local service and the 

remote site for interactions between the local service and the remote site 

(paragraph 53, secure TLS session between the web proxy and the remote site); 

and 

I. caching, within the local service, data received from the remote site, and 
wherein portions of the data are sent to the client in order to service data 
requests made from the client to the remote site (paragraphs 46-54); 
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m. initially transmitting a local service certificate to the remote site; and 
subsequently communicating securely between the local service and the remote 
site using the local service certificate and the certificate of the remote site 
(paragraph 53); 

n. establishing the proxy as a transparent proxy for the client (paragraph 47); 
o. inspecting at the proxy a secure request made from the client for the 
remote site; and transferring the secure request to the local service for 
processing (paragraph 52); 

p. wherein caching further includes housing the data in a decrypted format 
within cache of the local service (paragraph 54, caching services are performed 
on decrypted response); 

q. wherein caching further includes sending the portions of the data from the 
cache to the client along with the certificate associated with the remote site 
(paragraph 49 and 54 [cache services]). 
13. Although Boneh does not expressly disclose wherein the local service presents 
itself to the client as the remote site and acts as a reverse proxy on behalf of the remote 
site from the local environment of the client, this feature is notoriously well known in the 
art. For example, Netscape Proxy Server v. 3.5 supports this feature (see for example, 
"Netscape Proxy Server Administrator's Guide Version 3.5 for Unix" Chapter 7 ["reverse 
mapping"] (entered 2/23/04)). It would be obvious to one of ordinary skill in the art at 
the time the invention was made wherein the local service presents itself to the client as 
the remote site and acts as a reverse proxy on behalf of the remote site from the local 
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environment of the client. One would be motivated to do so to hide the type of servers 
behind the reverse proxy as known to one of ordinary skill in the art. The 
aforementioned cover the limitations of claims 8 and 11-15. 

14. As per claim 16-22, Boneh discloses a data management and acceleration 
delivery system implemented in computer-readable storage media and to process on 
devices of a network, the system comprising: 

r. a proxy; a local service accessible to the proxy; and a remote site external 
to the proxy, wherein the proxy directs secure requests received from a client for 
the remote site to the local service (fig. 4), the local service acts as a transparent 
proxy on behalf of the client and communicates securely with the client using 
Secure Socket Layer (SSL) communications (paragraph 26) via a first secure 
tunnel established by the proxy for interactions between the local service and the 
client, and the local service interacts securely with the remote site via a second 
secure tunnel established by the proxy for interactions between the local service 
and the remote site, the interactions between the local service and the remote 
site is to acquire data on behalf of the client, and wherein portions or all of the 
acquired data are cached within the local service and used to service requests 
made by the client from within a local environment of the client (paragraphs 46- 
54; in particular, in paragraph 51 , secure TLS session between the client and the 
web proxy is established, and in paragraph 53, secure TLS session between the 
web proxy and the remote site is established); 
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s. wherein the local service includes a certificate with an identity of the 
remote site which is vended to the client (paragraphs 37 and 49); 
t. wherein the local service and remote site mutually interact securely with 
one another by exchanging certificates with one another (paragraph 53); 
u. wherein the local service and the remote site sign communications 
occurring between them (in SSL client authentication and key exchange is 
performed via signature); 

v. wherein the client is a browser application (paragraph 46); 

w. wherein the browser is configured to contact the proxy when making 

requests directed to the remote site (paragraph 48); 

x. wherein the proxy intercepts requests made from the browser which are 
directed to the remote site and forwards the requests to the local service for 
handling the requests (paragraph 46). 
1 5. Although Boneh does not disclose the local service acts as a reverse proxy on 
behalf of the remote site, this feature is notoriously well known in the art. For example, 
Netscape Proxy Server v. 3.5 supports this feature (see for example, "Netscape Proxy 
Server Administrator's Guide Version 3.5 for Unix" Chapter 7 ["reverse mapping"] 
(entered 2/23/04)). It would be obvious to one of ordinary skill in the art at the time the 
invention was made wherein the local service acts as a reverse proxy on behalf of the 
remote site. One would be motivated to do so to hide the type of servers behind the 
reverse proxy as known to one of ordinary skill in the art. The aforementioned cover the 
limitations of claims 16-22. 
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16. As per claims 23-25, 27 and 28, Boneh discloses a data management and 
acceleration delivery system implemented in a computer-readable storage medium and 
to process on one or more devices of a network, the system comprising: 

y. a proxy; and one or more local services directly accessible to the proxy, 
wherein the proxy acts as an intermediary between one or more clients and one 
or more remote sites (fig. 4), the proxy detects attempts made by the clients for 
establishing secure communications with the remote sites and based on the 
identities of a particular client and particular remote site identifies a particular 
local service, the particular local service communicates securely with the 
particular client, via Secure Socket Layer (SSL) (paragraph 26) communications 
as a transparent proxy to the particular client and via a first tunnel established by 
the proxy between the particular local service and the particular client, and the 
particular local service also securely communicates with the particular remote 
site via a second tunnel established by the proxy between the particular local 
service and the particular remote site, and wherein the particular local service 
caches data received from the particular remote site for purposes of servicing 
requests for portions of that data requested by the particular client and the 
cached data resides within local environments of the particular client (paragraphs 
46-54; in particular, in paragraph 51, secure TLS session between the client and 
the web proxy is established, and in paragraph 53, secure TLS session between 
the web proxy and the remote site is established); 
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z. wherein each local service is associated with a unique one of the remote 
sites (paragraph 31); 

aa. further comprising switching logic that intercepts requests from the clients 
which are directed to the remote sites and forwards them to the proxy (paragraph 
46); 

bb. wherein each of the local services includes a certificate associated with a 
unique one of the remote sites; wherein a number of the local services 
communicates securely with a number of the remote sites by initially exchanging 
mutual certificates (the invention operates via SSL orTLS). 
1 7. Although Boneh does not disclose the particular local service securely 
communicates with the particular remote site as a reverse proxy for the particular 
remote service this feature is notoriously well known in the art. For example, Netscape 
Proxy Server v. 3.5 supports this feature (see for example, "Netscape Proxy Server 
Administrator's Guide Version 3.5 for Unix" Chapter 7 ["reverse mapping"] (entered 
2/23/04)). It would be obvious to one of ordinary skill in the art at the time the invention 
was made wherein the particular local service securely communicates with the 
particular remote site as a reverse proxy for the particular remote service. One would 
be motivated to do so to hide the type of servers behind the reverse proxy as known to 
one of ordinary skill in the art. The aforementioned cover the limitations of claims 23- 
25, 27 and 28. 



Conclusion 



Application/Control Number: 10/784,440 Page 14 

Art Unit: 2432 

18. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

19. Bellwood et al. US 6,584,567 discloses a proxy establishing a secure 
communication between a client and a set of servers and further providing caching 
services. 

20. Chawla et al. US 7,137,143 discloses a secure reverse proxy establishing 
separate secure connections between a client and a web server and further providing 
caching services. 

21 . "Secures Sockets Layer Discussion List FAQ v1 .1 .1 ," pg. 7 (entered 9/1 7/08) 
discloses establishing separate secure connections between a client and a Netscape 
Proxy server and between a Netscape Proxy server and an external server. 

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/784,440 Page 15 

Art Unit: 2432 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



/Jung Kim/ 

Primary Examiner, AU 2432 



